Information Security, Ethical Hacking, website Security, Database Security, IT Audit and Compliance, Security news, Programming, Linux and Security.
Monday, 16 September 2013
Mobile Threat Monday: Downloading iOS 7 Before Release
The latest version of Apple's mobile operating system, iOS 7, will launch on September 18. For owners of recent iPad, iPhone, and iPod Touch models, this will be a free over-the-air download that will only cost you time. Despite being free, pirated beta versions of iOS 7 are popular downloads on various Bittorrent websites. Perhaps it goes without saying, but trusting your device to a pirated operating system isn't a good idea.
Activation Errors
If you want a legal, Apple-approved copy of iOS 7 beta you'll need to pony up $99 to the App Store gatekeepers. In exchange for your cash, Apple authorizes your device's UDID number and approves beta versions of iOS 7 for use on your device. There is, however, a weird little work-around that side-steps the UDID authentication process so anyone can install iOS beta files.
There are scattered reports of unauthorized iOS 7 users suddenly finding themselves hit with strange activation errors, forcing them to downgrade back to iOS 6 and restore from backups. Whether or not this is Apple trying to maintain control of their betas isn't clear, but it sounds like a real headache. And an unnecessary one to boot!
Scams and Malware
Where there are illegal downloads there are scams, and iOS 7 is no different. Remember how you don't need to Apple to authorize your UDID to install iOS 7? Not everyone has received the memo, and people are apparently making a business of "authorizing" UDIDs of would-be iOS 7 users.
Of course that there's no guarantee that these UDID authorizers will deliver their goods, and we've seen similar scams for iOS 6 jailbreaking tools that parted victims from their money and personal information to boot. Scammers are particularly fond of catering to less-than-legal desires, since most victims won't report the crime out of fear they'll be punished themselves.
Even if you successfully purchase an activation from one of these sellers, your UDID is now tied to a developer account oustide of your control. Worse yet, if they have physical access to your device these "developers" wanted could install whatever apps they want. This is similar to how the Mactans malicious charging stations we saw at Black Hat work.
It's unlikely that pirated copies of iOS 7 beta will contain malware since the code is signed by Apple. That said, installing critical system files obtained from a shady Torrent website doesn't sound like a good idea to me. After all, jailbreaking iPhones has turned out to be a great way to introduce malware onto Apple devices.
"It's just crazy," said SecurityWatch contributor Neil Rubenking. "I mean, you wouldn't go to a shady east European website to download your Windows updates, would you?"
Just Wait!
Really, everyone could just save themselves a lot of trouble by waiting the two days until Apple drops the official release. I mean, come on: it's free! Why even worry about activation problems, scammers, and potential malware when you can sleep two nights and wake up with a brand new operating system fully supported by the manufacturer.
Apple has thrived off the excitement generated by their announcements, and it's thrilling to get a glimpse of a highly anticipated product before it hits the streets. But in this case, it's safer to just wait until release.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment